While the majority of Apple products come with some level of malware protection, there is a new email scam going around that may keep Apple users on their toes.
A New Phishing Scam
Tax season can often be a stressful time for people, however, it is a great time for scammers. As a reminder: the IRS does not send emails requesting your information. Trusted companies will never ask for your information through email. While for many this seems obvious, scammers continue to scam because people continue to fall for their ploys.
Infamous malware botnet Emotet has its fingers in the scheme this year, as reports from email security firm Cofense indicates. Impersonating the IRS, Emotet bots are sending out emails en masse to individuals, asking them for vital personal information. The emails allege to contain tax information and rebates, a ploy to lure the potential victim. One variation of the scam email sends fake documents to victims. The fake documents arrive in a zip file. Extracting the compressed file reveals an Excel spreadsheet labeled ‘W-9 Form.xls.’ Opening this file and enabling content will install the malware.
While this is just one variation, many more may be in the wild.
How Malware Attacks
In addition to stealing the victim’s email, the reported malware will also email the bad Excel file to all of their contacts, and will also install further damaging malware. There may even be a chance that victims will be involved in a Conti ransomware attack, leaving their machine in the hands of crooks who will extort goods in exchange for releasing the machine held hostage.
This is not Emotet’s first foray into phishing scams. The IRS had to warn individuals in 2018 not to fall for tax scams from the botnet. Much of the same strategies used back then are still being used today.
Do your best to keep yourself protected. Never open suspicious emails, and make sure that your virus software is up to date. Malware is likely never going to go away, so it is best to always remain on guard. Do your best not to fall for scammers.
Can the malware be detected? I am not asking for myself, just to pass it on.
It would be a good idea to make sure all anti-virus malware software is currently up to date. Updates for this phishing attack should arrive soon if they are not already available.